IETF Logo Mail Archive

Re: [Ntp] Antwort: Re: Symmetric mode

Danny Mayer <mayer@pdmconsulting.net> Sun, 09 October 2022 21:47 UTC

Return-Path: <mayer@pdmconsulting.net>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7E58C14F73F for <ntp@ietfa.amsl.com>; Sun, 9 Oct 2022 14:47:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.108
X-Spam-Level:
X-Spam-Status: No, score=-1.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RDNS_NONE=0.793, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, T_SPF_HELO_PERMERROR=0.01] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FEqWO_jpANby for <ntp@ietfa.amsl.com>; Sun, 9 Oct 2022 14:47:42 -0700 (PDT)
Received: from chessie.everett.org (unknown [IPv6:2001:470:1:205::234]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EADBFC14F728 for <ntp@ietf.org>; Sun, 9 Oct 2022 14:47:42 -0700 (PDT)
Received: from [192.168.1.156] (pool-108-26-202-2.bstnma.fios.verizon.net [108.26.202.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 4Mlwd81kfPzMPGM; Sun, 9 Oct 2022 21:47:40 +0000 (UTC)
Message-ID: <1cda3113-e9f8-3892-34b4-bc8ebdff687a@pdmconsulting.net>
Date: Sun, 09 Oct 2022 17:47:39 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.13.1
Content-Language: en-US
To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: kristof.teichel=40ptb.de@dmarc.ietf.org, ntp@ietf.org
References: <20220919024614.4AB8328C1E2@107-137-68-211.lightspeed.sntcca.sbcglobal.net> <YygwAeTMeSHXXk6t@localhost> <OF42F0D0F6.E94FA935-ONC12588C3.005225C3-C12588C3.0054DC8B@ptb.de> <d13df0b6-7c47-820e-5dbd-21dd7e2d4801@pdmconsulting.net> <YywRhCmTD4mt8KTy@localhost> <9eac8a08-80d7-0d23-940a-d00c4bb2382f@pdmconsulting.net> <YzGErHj7nkt+Ehd8@localhost> <f28113c5-74ed-43a3-2982-ff9250facfb8@pdmconsulting.net> <YzXNRa2Smcs5UsRb@localhost> <d667af83-1358-c249-8752-11fadcc918a8@pdmconsulting.net> <YzqTruKg1xr5VSZH@localhost>
From: Danny Mayer <mayer@pdmconsulting.net>
In-Reply-To: <YzqTruKg1xr5VSZH@localhost>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/iD0oo7Dq6fu4XEnSsvvYJkzVj0I>
Subject: Re: [Ntp] Antwort: Re: Symmetric mode
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 09 Oct 2022 21:47:44 -0000

On 10/3/22 3:47 AM, Miroslav Lichvar wrote:
> On Fri, Sep 30, 2022 at 08:25:00PM -0400, Danny Mayer wrote:
>> On 9/29/22 12:52 PM, Miroslav Lichvar wrote:
>>> How would they decide which one is a client and which one is server?
>> The initiator of the request is acting as the client for the packet and the
>> other one acts as the server. When the other peer initiates a packet it is
>> the client.
> I guess it might be possible to use the origin timestamp to detect
> requests and responses, but that is not how NTP was designed to work.
> It uses the mode number and in the case you are describing it's the
> client and server mode.

If you don't know about the packet then it's requesting the timing data. 
If you know about the packet then it's the response to the reequest you 
sent.


>>> In Figure 15 of the RFC (describing the state of two peers) you can
>>> clearly see that there are only 2 messages per poll.
>>>
>>>
>>>                   t2      t3                 t6          t7
>>>           ---------------------------------------------------------
>>>                    /\         \                 /\            \
>>>                    /           \                /              \
>>>                   /             \              /                \
>>>                  /               \/           /                 \/
>>>           ---------------------------------------------------------
>>>                t1                t4         t5                  t8
>>>
>> I'm not sure what you are seeing.
> There are two peers sending packets to each other. Each peer sends one
> packet per poll. There are four packets shown in the figure. Each one
> is a request and all except the first one are also responses. The
> peers update their state with each received packet.
No, the server only responds to a request. Peer A sends a symmetric mode 
packet to Peer B and Peer B sends a response. Then Peer B sends a 
request to Peer A and Peer A sends a response to Peer B. There's no 
mixing involved here.
>
> If they were using the client/server mode, it would look like this:
>
>          t2  t3        t5         t8       t10 t11      t13        t16
>    --------------------------------------------------------------------
>          /\  \         \         /\        /\  \         \         /\
>         /     \         \       /         /     \         \       /
>        /       \         \     /         /       \         \     /
>       /         \/        \/  /         /         \/        \/  /
>    --------------------------------------------------------------------
>      t1         t4        t6  t7       t9         t12      t14  t15
>
>
> There are twice as many packets for the same number of measurements.
> Half of them are requests and the other half are responses. Requests
> don't update the state of the server. This is why the client/server
> mode is more secure.
Yes and No. Symmetric mode is just as secure, but you are 
misunderstanding how it works. See above response.
>
> The best way to understand the protocol is to write your own minimal
> implementation. If you implemented both modes, I think you would agree
> that symmetric mode is not worth the trouble.
>
> Please, at least make your own packet capture between two peers and
> see that it works how described here. It's not a bug. If it was
> a bug, it would be noticed after all those years. You are just
> spreading misinformation and confusing others.

No, you are just misunderstanding for symmetric mode works.

Danny

>

v2.23.0 | Report a Bug | By Email